23 matches found
EUVD-2026-18218
uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries...
EUVD-2014-0708
Malware in sbrugna...
EUVD-2023-44383
Malicious code in bioql PyPI...
EUVD-2024-20124
Malicious code in bioql PyPI...
CVE-2024-22590
The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be overwritten at any time, including after a connection has been established...
CVE-2024-22590
The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be overwritten at any time, including after a connection has been established...
Infinite Loop
FRRouting is vulnerable to Infinite Loop. The vulnerability is due to a Loop with Unreachable Exit Condition in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. An attacker can exploit this by sending specially crafted hello messages with the unicast...
CVE-2024-1300
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading...
CVE-2023-3748
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...
Design/Logic Flaw
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...
CVE-2023-3748 Inifinite loop in babld message parsing may cause dos
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...
CVE-2023-3748
CVE-2023-3748 affects FRRouting (FRR) where parsing of certain babeld unicast hello messages that are intended to be ignored can be abused by sending crafted Hello messages with the unicast flag set, the interval field as 0, or a TLV containing a sub‑TLV with the Mandatory flag. This can enter an...
UBUNTU-CVE-2022-39173
In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list ...
Barrier Resource Management Error Vulnerability
Barrier is a software that mimics the functionality of the Kvm switcher. A security vulnerability exists in Barrier, which stems from the fact that prior to 2.3.4 Barrier sent Hello messages for each TCP session simultaneously, which could be used by an attacker to cause a segmentation error in t...
Barrier 资源管理错误漏洞
Barrier is a software that mimics the functionality of the Kvm switcher. A security vulnerability exists in Barrier, which stems from the fact that prior to 2.3.4 Barrier sent Hello messages for each TCP session simultaneously, which could be used by an attacker to cause a segmentation error in t...
CVE-2021-31362
A Protection Mechanism Failure vulnerability in RPD routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause established IS-IS adjacencies to go down by sending a spoofed hello PDU leading to a Denial of Service DoS condition...
Cisco NX-OS Software Label Distribution Protocol Message Vulnerability (Cisco-SA-20140123-CVE-2014-0677)
A vulnerability in the Label Distribution Protocol LDP message processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to stop accepting valid LDP sessions during a 60-second period. Copyright C 2016 Greenbone Networks GmbH Some text...
OpenSSL TLS Missing SRP Extension Denial of Service (CVE-2014-5139)
A denial of service vulnerability has been reported in OpenSSL. The vulnerability is due to an issue while parsing Server Hello messages with a specific cipher suite and extension. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted packet to a target...
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2308-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2308-1 advisory. Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL ...
USN-2229-1 gnutls26 vulnerability
Joonas Kuorilehto discovered that GnuTLS incorrectly handled Server Hello messages. A malicious remote server or a machine-in-the-middle could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code...